Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/4T1bySiGudbsbv8Y6SYMT68IAlk.roa
File:                     4T1bySiGudbsbv8Y6SYMT68IAlk.roa (raw, json)
Hash identifier:          j45Gs5R+QR12QMbnB1e3ALfJJc32d03rqtj+AWZZhSU=
Subject key identifier:   E1:3D:5B:C9:28:86:B9:D6:EC:6E:FF:18:E9:26:0C:4F:AF:08:02:59
Certificate issuer:       /CN=e5da8e9cfc8b160ec59b540f39d8973d4218312a
Certificate serial:       0199C47D1E503B1441E48B0D137D76049359
Authority key identifier: E5:DA:8E:9C:FC:8B:16:0E:C5:9B:54:0F:39:D8:97:3D:42:18:31:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/4T1bySiGudbsbv8Y6SYMT68IAlk.roa
Signing time:             Wed 08 Oct 2025 15:42:38 +0000
ROA not before:           Wed 08 Oct 2025 15:42:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a10:4780:a4::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c4:7d:1e:50:3b:14:41:e4:8b:0d:13:7d:76:04:93:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5da8e9cfc8b160ec59b540f39d8973d4218312a
        Validity
            Not Before: Oct  8 15:42:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e13d5bc92886b9d6ec6eff18e9260c4faf080259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:22:02:b3:13:e2:cb:98:ef:07:ff:b3:42:73:
                    f5:32:ea:2f:24:36:67:46:58:49:91:66:c4:0a:9c:
                    24:18:44:89:e9:e0:a3:f4:1d:e2:52:cc:13:82:5f:
                    88:f6:a2:f2:c0:f4:a7:43:7f:13:ec:5a:98:d4:bb:
                    9b:10:9c:c9:d2:c6:a8:f7:c6:73:08:5a:b3:a8:58:
                    60:4f:ef:24:6d:e5:77:c3:54:b0:b5:b1:3b:87:33:
                    13:1d:7b:05:ec:7a:20:25:31:59:63:8b:22:47:66:
                    d3:c5:8d:de:e8:da:d4:c9:5c:91:11:ba:63:ff:8b:
                    37:e7:aa:ff:1c:28:17:bb:4c:1b:b5:e7:d2:6f:8e:
                    2f:34:a8:28:31:43:04:dd:65:1b:85:87:1b:85:18:
                    30:d4:ec:42:4a:94:68:a1:17:55:18:e5:8d:cf:0b:
                    8c:63:ef:12:a6:f7:69:07:c5:a5:05:aa:56:5e:f8:
                    9e:be:fd:b9:d1:b5:9f:fb:87:d2:d4:a7:03:a8:e0:
                    e7:1a:e5:8a:f9:b8:dd:91:82:5d:e7:30:5b:84:72:
                    67:50:7b:8d:a4:e2:fd:4d:c4:4d:5e:f1:57:d7:bc:
                    77:81:f8:62:5a:10:c6:4f:13:06:5c:2c:94:8d:75:
                    68:9a:e1:5d:bc:d1:40:98:52:ba:8a:66:d2:6a:cd:
                    51:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:3D:5B:C9:28:86:B9:D6:EC:6E:FF:18:E9:26:0C:4F:AF:08:02:59
            X509v3 Authority Key Identifier:
                keyid:E5:DA:8E:9C:FC:8B:16:0E:C5:9B:54:0F:39:D8:97:3D:42:18:31:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/4T1bySiGudbsbv8Y6SYMT68IAlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4780:a4::/46

    Signature Algorithm: sha256WithRSAEncryption
         19:8e:90:5f:8a:d6:f3:3b:b1:95:51:7b:11:44:ba:4a:ee:1f:
         2b:da:68:3f:5f:65:d7:66:bf:e4:47:b2:6e:4d:33:84:15:12:
         bb:e9:f5:3c:00:b7:fb:15:1e:87:27:e9:a7:f7:89:30:aa:e4:
         db:95:54:55:bf:f8:c1:b0:6f:57:01:2b:5b:7b:ed:6f:f8:ce:
         75:16:c3:87:dc:fc:b9:a5:c4:1c:ee:45:d9:49:b8:96:5e:16:
         cb:1e:0e:9a:f4:5d:03:64:a9:a0:88:b4:37:ef:e7:03:00:4d:
         50:79:88:f0:11:aa:b9:47:5e:9b:3e:82:76:76:50:c3:c4:62:
         eb:0b:be:1f:b8:0a:c3:05:53:20:6f:6e:9a:82:9a:d9:67:3d:
         45:e4:65:61:8a:7d:3a:81:40:90:27:dc:91:e7:e7:c1:e3:d6:
         04:23:25:11:b0:88:b3:87:5f:6e:c2:ef:68:e9:58:72:c3:a7:
         f7:07:e8:ca:be:ff:55:5a:37:83:a4:86:dc:9d:08:d5:90:49:
         7c:49:41:f4:b7:0b:31:e0:25:b7:f1:65:3d:16:e2:b7:6a:97:
         9b:15:ad:6a:6b:37:88:cc:c1:d8:ba:c8:62:72:da:a4:1c:a8:
         73:47:68:fc:02:bd:14:c2:cd:15:4a:12:ba:43:e8:9b:b5:0a:
         4f:14:68:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnEfR5QOxRB5IsNE312BJNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZGE4ZTljZmM4YjE2MGVjNTliNTQwZjM5ZDg5NzNkNDIx
ODMxMmEwHhcNMjUxMDA4MTU0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTNkNWJjOTI4ODZiOWQ2ZWM2ZWZmMThlOTI2MGM0ZmFmMDgwMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyICsxPiy5jvB/+zQnP1MuovJDZn
RlhJkWbECpwkGESJ6eCj9B3iUswTgl+I9qLywPSnQ38T7FqY1LubEJzJ0sao98Zz
CFqzqFhgT+8kbeV3w1SwtbE7hzMTHXsF7HogJTFZY4siR2bTxY3e6NrUyVyREbpj
/4s356r/HCgXu0wbtefSb44vNKgoMUME3WUbhYcbhRgw1OxCSpRooRdVGOWNzwuM
Y+8SpvdpB8WlBapWXvievv250bWf+4fS1KcDqODnGuWK+bjdkYJd5zBbhHJnUHuN
pOL9TcRNXvFX17x3gfhiWhDGTxMGXCyUjXVomuFdvNFAmFK6imbSas1RNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOE9W8kohrnW7G7/GOkmDE+vCAJZMB8GA1UdIwQY
MBaAFOXajpz8ixYOxZtUDznYlz1CGDEqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRxT25QeUxGZzdGbTFRUE9kaVhQVUlZTVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wMDNjYTktYzM5MC00Mjc0LThmYzYt
N2M1MDQ3MDNiYjAyLzEvNFQxYnlTaUd1ZGJzYnY4WTZTWU1UNjhJQWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wMDNjYTktYzM5MC00Mjc0LThmYzYtN2M1MDQ3MDNiYjAy
LzEvNWRxT25QeUxGZzdGbTFRUE9kaVhQVUlZTVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhBHgACk
MA0GCSqGSIb3DQEBCwUAA4IBAQAZjpBfitbzO7GVUXsRRLpK7h8r2mg/X2XXZr/k
R7JuTTOEFRK76fU8ALf7FR6HJ+mn94kwquTblVRVv/jBsG9XAStbe+1v+M51FsOH
3Py5pcQc7kXZSbiWXhbLHg6a9F0DZKmgiLQ37+cDAE1QeYjwEaq5R16bPoJ2dlDD
xGLrC74fuArDBVMgb26agprZZz1F5GVhin06gUCQJ9yR5+fB49YEIyURsIizh19u
wu9o6Vhyw6f3B+jKvv9VWjeDpIbcnQjVkEl8SUH0twsx4CW38WU9FuK3apebFa1q
azeIzMHYushictqkHKhzR2j8Ar0Uws0VShK6Q+ibtQpPFGin
-----END CERTIFICATE-----